
Win32.CTX.688

Details
Win32.CTX.6886

This is a Win32 parasitic virus. It uses polymorphic and Entry Point Obscuring methods (see below).
It is a non-dangerous, non-memory-resident, parasitic, polymorphic Windows virus. It searches for PE EXE files (Windows Portable Executable files) in the current directory (except a drive's root directory), the Windows directory and the Windows system directory, and infects up to five files in each directory each time an infected file is started.
The virus checks file names and avoids infecting several anti-virus programs, skipping files whose names match: DR*, PA*, RO*, VI*, AV*, TO*, CA*, IN* (DRWEB, PANDA, VIRUS*, AVP, etc.).
The virus payload routine is activated when an infected file is executed six months after being infected and at exactly the same hour. This routine inverts the desktop colors, if the monitor has enough resolution, and then enters an endless loop.
The virus contains a text string that is not used in any way:
[ CTX Phage Virus BioCoded by GriYo / 29A Disclaimer: This software has
been designed for research purposes only. The author is not responsible
for any problems caused due to improper or illegal usage of it ]
